CN113761515A - Cloud desktop security detection method and system, computing device and storage medium - Google Patents

Info

Publication number: CN113761515A
Application number: CN202110959543.6A
Authority: CN (China)
Prior art keywords: resource access, terminal, user, connection, detection
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 张琳, 史杨, 姜兆艺, 赵小宾
Current assignee: Shanghai Cstack Technology Co ltd
Original assignee: Shanghai Cstack Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/455 Emulation; interpretation; software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F 9/45533 Hypervisors; virtual machine monitors
    • G06F 9/45558 Hypervisor-specific management and integration aspects
    • G06F 2009/45587 Isolation or security of virtual machine instances
    • G06F 2009/45591 Monitoring or debugging support

Abstract

The embodiments of the invention relate to the field of cloud desktops and disclose a cloud desktop security detection method, a cloud desktop security detection system, a computing device and a storage medium. The method receives a connection request from a terminal, performs secure connection environment detection according to the request, and establishes a connection with the terminal once the detection has passed; it acquires the identity information of the login user, authenticates that identity, and creates a virtual machine once authentication has passed; and it sets the resource access authority of the virtual machine according to the identity information, warning and recording whenever a user access exceeds that authority. In this way both the cloud server side and the terminal are subjected to secure connection environment detection, the user's identity is verified, and resource access permission is set according to the user's identity, so the security of the cloud server side, the connection terminal and the user is effectively guaranteed and an enterprise's key data in the cloud is protected from being illegally leaked or altered.

Description

Cloud desktop security detection method and system, computing device and storage medium
Technical Field
The invention belongs to the field of cloud desktops, and particularly relates to a cloud desktop security detection method, a cloud desktop security detection system, computing equipment and a storage medium.
Background
The cloud desktop, also called desktop virtualization or cloud computer, is a new model that replaces the traditional computer. After a cloud desktop is adopted, the user does not need to purchase a computer host: all components of the host, such as the CPU (central processing unit), memory and hard disk, are virtualized on a back-end server, and after installing a client the user accesses a virtual machine host on that server through a specific communication protocol for interactive operation, achieving an experience consistent with that of a physical computer. The cloud desktop not only replaces the traditional computer but also lets other intelligent devices such as mobile phones and tablets reach it over the Internet, making it the latest solution for mobile office.
Because the cloud desktop concentrates desktops and data on the server side through desktop virtualization technology, its security is threatened from three directions: the cloud server side, the connection terminal and the user. If security cannot be guaranteed in all three, an enterprise's key data in the cloud can be illegally leaked or altered.
Disclosure of Invention
Embodiments of the present invention provide a cloud desktop security detection method, system, computing device, and storage medium, and aim to solve the problems in the background art.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
a cloud desktop security detection method applies to a cloud server side and specifically comprises the following steps:
receiving a connection request of a terminal, carrying out safety connection environment detection according to the connection request, and establishing connection with the terminal after the detection is passed;
acquiring identity information of a login user, performing identity authentication according to the identity information, and creating a virtual machine after the authentication is passed;
and setting the resource access authority of the virtual machine according to the identity information, and warning and recording when the user access exceeds the resource access authority.
As a further limitation of the technical solution of the embodiment of the present invention, the receiving a connection request of a terminal, performing a secure connection environment detection according to the connection request, and establishing a connection with the terminal after the detection is passed specifically includes the following steps:
receiving a connection request of a terminal;
performing security self-check on the cloud desktop according to the connection request to obtain a security self-check result;
acquiring a security detection report of the terminal;
and when the safety self-checking result and the safety detection report reach the standard, establishing connection with the terminal.
As a further limitation of the technical solution of the embodiment of the present invention, the performing security self-check on the cloud desktop according to the connection request to obtain a security self-check result specifically includes the following steps:
starting a security self-checking program according to the connection request;
acquiring process information and key registry information according to the security self-checking program;
analyzing the process information and the key registry information through a security detection model;
and obtaining a safety self-checking result according to the analysis result.
As a further limitation of the technical solution of the embodiment of the present invention, the acquiring a security detection report of the terminal specifically includes the following steps:
sending a safety detection instruction to the terminal;
and acquiring a safety detection report generated by the terminal according to the safety detection instruction.
As a further limitation of the technical solution of the embodiment of the present invention, the acquiring identity information of the login user, performing identity authentication according to the identity information, and creating a virtual machine after the authentication is passed specifically includes the following steps:
acquiring identity information of a login user;
performing identity authentication on the identity information, and judging whether the identity authentication passes;
if the identity authentication is passed, creating a virtual machine;
and if the identity authentication is not passed, disconnecting the terminal.
As a further limitation of the technical solution of the embodiment of the present invention, the setting of the resource access right of the virtual machine according to the identity information, and the warning and recording when the user access exceeds the resource access right specifically include the following steps:
determining an access level according to the identity information;
setting the resource access authority of the virtual machine according to the access level;
and limiting the resource access of the user based on the resource access authority, and warning and recording when the resource access of the user exceeds the resource access authority.
Another object of an embodiment of the present invention is to provide a cloud desktop security detection system, where the system includes a connection detection unit, an identity verification unit, and an access restriction unit, where:
the connection detection unit is configured to receive a connection request from a terminal, perform secure connection environment detection according to the connection request, and establish a connection with the terminal after the detection is passed;
the identity authentication unit is used for acquiring identity information of a login user, performing identity authentication according to the identity information, and creating a virtual machine after the authentication is passed;
and the access limiting unit is used for setting the resource access right of the virtual machine according to the identity information and carrying out warning and recording when the user access exceeds the resource access right.
It is another object of an embodiment of the present invention to provide a computer device, including a memory and a processor, where the memory stores a computer program, and the computer program, when executed by the processor, causes the processor to execute the steps of the cloud desktop security detection method as described above.
It is another object of an embodiment of the present invention to provide a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, causes the processor to execute the steps of the cloud desktop security detection method as described above.
Compared with the prior art, the invention has the beneficial effects that:
the embodiment of the invention receives a connection request from a terminal, performs secure connection environment detection according to the request, and establishes a connection with the terminal once the detection has passed; acquires the identity information of the login user, authenticates that identity, and creates a virtual machine once authentication has passed; and sets the resource access authority of the virtual machine according to the identity information, warning and recording whenever a user access exceeds that authority. Both the cloud server side and the terminal are subjected to secure connection environment detection, the user's identity is verified, and resource access permission is set according to the user's identity, so the security of the cloud server side, the connection terminal and the user is effectively guaranteed and an enterprise's key data in the cloud is protected from being illegally leaked or altered.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention.
Fig. 1 is a diagram illustrating a network implementation environment of a method provided by an embodiment of the invention.
Fig. 2 shows a flow chart of a method provided by an embodiment of the invention.
Fig. 3 shows a flowchart of connection security detection in the method provided by the embodiment of the present invention.
Fig. 4 shows a flow chart of security self-check in the method provided by the embodiment of the present invention.
Fig. 5 shows a flowchart for acquiring a security detection report in the method provided by the embodiment of the present invention.
Fig. 6 shows a flowchart of user authentication in the method provided by the embodiment of the present invention.
Fig. 7 shows a flowchart of setting access rights in the method provided by the embodiment of the present invention.
Fig. 8 is a flowchart illustrating the access right determination in the method according to the embodiment of the present invention.
Fig. 9 shows an application architecture diagram of a system provided by an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It can be understood that, in the prior art, the security of the cloud desktop is threatened by the cloud server, the connection terminal and the user, and if the security of the three aspects cannot be guaranteed, the key data of the enterprise in the cloud end is easily illegally revealed or changed.
In order to solve the problems, the embodiment of the invention can detect the safe connection environment of the cloud server and the terminal, verify the identity of the user and set the resource access authority according to the identity of the user, effectively ensure the safety of the cloud server, the terminal and the user, and can prevent the key data of an enterprise at the cloud end from being illegally leaked or changed.
Fig. 1 is a diagram of a network implementation environment of the method according to the embodiment of the present invention.
In the network implementation environment diagram, the cloud server 101 may be connected to two or more terminals 102 and 103 at the same time and provides them with cloud desktop, cloud storage, cloud computing and similar services. The cloud server 101 is a simple, efficient, secure and reliable computing service end whose throughput scales elastically; it is simpler and more efficient to manage than a physical server, and an enterprise or user need not purchase hardware in advance and can rapidly create or release any number of cloud servers. The cloud server 101 is an important component of cloud computing services: it is a service platform offering comprehensive business capability to all kinds of Internet users, integrating the three core elements of Internet applications in the traditional sense (computing, storage and networking) and providing shared Internet infrastructure services to enterprises and users. The terminal 102 may be a display, a mobile tablet or any other device capable of content input and content output.
Fig. 2 shows a flow chart of a method provided by an embodiment of the invention.
Specifically, the cloud desktop security detection method applies to the cloud server 101 and specifically includes the following steps:
step S101, receiving a connection request of a terminal 102, performing secure connection environment detection according to the connection request, and establishing connection with the terminal 102 after the detection is passed.
In the embodiment of the present invention, when a user connects a terminal 102 with a cloud server 101, the terminal 102 sends a connection request to the cloud server 101, and after the cloud server 101 receives the connection request, the cloud server performs security detection on a connection environment, and establishes connection with the terminal 102 when the connection environment between the cloud server 101 and the terminal 102 is ensured to be secure.
Specifically, fig. 3 shows a flowchart of connection security detection in the method provided by the embodiment of the present invention.
In an embodiment of the present invention, the receiving a connection request from a terminal, performing a secure connection environment detection according to the connection request, and after the detection is passed, establishing a connection with the terminal specifically includes the following steps:
in step S1011, a connection request from the terminal 102 is received.
In the embodiment of the present invention, when a user connects a terminal 102 with a cloud server 101, the cloud server 101 receives a connection request sent by the terminal 102.
Step S1012, performing a cloud desktop security self-check according to the connection request to obtain a security self-check result.
In the embodiment of the present invention, after receiving the connection request, the cloud server 101 performs security self-check on the cloud desktop, and obtains a security self-check result.
Specifically, fig. 4 shows a flow chart of security self-check in the method provided by the embodiment of the present invention.
In an embodiment of the present invention, the performing a cloud desktop security self-check according to the connection request to obtain a security self-check result specifically includes:
and step S10121, starting a security self-check program according to the connection request.
In the embodiment of the invention, after the connection request is received, the security self-check program is triggered and started.
Step S10122, acquiring process information and key registry information according to the security self-check program.
In the embodiment of the present invention, the security self-check program is used to scan the current process information and the key registry in the cloud server 101.
Step S10123, analyzing the process information and the key registry information through a security detection model.
In the embodiment of the invention, the process information and key registry information obtained by the scan are input into the security detection model, which analyzes them and produces an analysis result indicating whether any malicious process or malicious key registry entry exists.
It can be understood that the security detection model is a detection model trained on process information and key registry information; given input process information and key registry information, it determines whether the processes and key registry entries are malicious.
Step S10124, obtaining a security self-check result according to the analysis result.
In the embodiment of the present invention, whether the self-check result for the cloud server 101 is safe is determined according to whether the analysis result contains a malicious process or a malicious key registry entry.
Further, the receiving a connection request of a terminal, performing secure connection environment detection according to the connection request, and establishing a connection with the terminal after the detection is passed further includes the following steps:
step S1013, a security detection report of the terminal 102 is acquired.
In the embodiment of the present invention, the terminal 102 performs security detection to obtain a security detection report, and sends the security detection report to the cloud server 101.
Specifically, fig. 5 shows a flowchart for acquiring a security detection report in the method provided by the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the acquiring the security detection report of the terminal specifically includes the following steps:
step S10131, sending a security detection instruction to the terminal 102.
In the embodiment of the present invention, after receiving the connection request, the cloud server 101 generates a security detection instruction, and sends the security detection instruction to the terminal 102.
Step S10132, acquiring a security detection report generated by the terminal 102 according to the security detection instruction.
In the embodiment of the present invention, after receiving the security detection instruction sent by the cloud server 101, the terminal 102 performs security detection, generates a security detection report, and sends the security detection report to the cloud server 101.
Further, the receiving a connection request of a terminal, performing secure connection environment detection according to the connection request, and establishing a connection with the terminal after the detection is passed further includes the following steps:
step S1014, when both the security self-check result and the security check report reach the standard, establishing a connection with the terminal 102.
In the embodiment of the invention, when the safety self-checking result and the safety detection report reach the standard, the connection environment is safe, and at this time, the cloud server 101 establishes connection with the terminal 102; if any one of the security self-checking result and the security detection report cannot reach the standard, the connection environment is unsafe, and at this time, the cloud server 101 does not establish connection with the terminal 102.
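The two-sided admission gate of steps S1011 to S1014, written out as an added Python example that is not code from the patent or its assignee. The trained security detection model of step S10123 is replaced by a constructed denylist lookup, and the process list, registry entries and terminal reports are constructed sample data; the rule that either result failing means no connection is the one the text states.

```python
from dataclasses import dataclass

# Constructed stand-in for the patent's trained "security detection model"
# (step S10123): a denylist of process names and Run-key values plays the
# role of the model so the gating logic can run offline.
MALICIOUS_PROCESS_NAMES = {"keylogger.exe", "cred_dump.exe"}          # constructed
MALICIOUS_REGISTRY_VALUES = {                                          # constructed
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "updater_svc"),
}

# Checks the terminal's security detection report must answer true for the
# report to reach the standard (constructed; the patent names none).
REQUIRED_REPORT_CHECKS = ("antivirus_running", "disk_encrypted", "os_patched")


@dataclass
class SelfCheckResult:
    passed: bool
    malicious_processes: list
    malicious_registry: list


def security_self_check(process_info, registry_info):
    """Steps S10122-S10124: scan the server's process information and key
    registry entries, run them through the detection model and derive a
    pass/fail self-check result."""
    bad_procs = [p for p in process_info
                 if p["name"].lower() in MALICIOUS_PROCESS_NAMES]
    bad_regs = [entry for entry in registry_info
                if entry in MALICIOUS_REGISTRY_VALUES]
    return SelfCheckResult(not bad_procs and not bad_regs, bad_procs, bad_regs)


def terminal_report_meets_standard(report):
    """Terminal side of step S1014: every required check must be present and
    true. A check missing from the report counts as failed, never as passed."""
    failed = [c for c in REQUIRED_REPORT_CHECKS if report.get(c) is not True]
    return not failed, failed


def handle_connection_request(request, process_info, registry_info, fetch_report):
    """Steps S1011-S1014 for one connection request. `fetch_report` models
    S10131/S10132: the server sends a security detection instruction and
    receives the terminal's report back."""
    terminal_id = request["terminal_id"]
    self_check = security_self_check(process_info, registry_info)
    report_ok, failed_checks = terminal_report_meets_standard(fetch_report(terminal_id))
    reasons = []
    if not self_check.passed:
        names = [p["name"] for p in self_check.malicious_processes]
        reasons.append(f"server self-check failed: processes={names} "
                       f"registry={self_check.malicious_registry}")
    if not report_ok:
        reasons.append(f"terminal report below standard: {failed_checks}")
    # Both results must reach the standard; if either fails, no connection.
    return {"terminal_id": terminal_id, "connected": not reasons, "reasons": reasons}


# Constructed sample data: the server's current processes, one key registry
# entry, and the detection report each terminal returns.
SERVER_PROCESSES = [{"pid": 412, "name": "svchost.exe"},
                    {"pid": 977, "name": "vdi_broker.exe"}]
SERVER_REGISTRY = [(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "vdi_agent")]
TERMINAL_REPORTS = {
    "term-102": {"antivirus_running": True, "disk_encrypted": True, "os_patched": True},
    "term-103": {"antivirus_running": True, "disk_encrypted": False},  # os_patched missing
}


def fetch_report(terminal_id):
    """Stand-in for the S10131/S10132 exchange with the terminal."""
    return TERMINAL_REPORTS.get(terminal_id, {})


if __name__ == "__main__":
    for tid in ("term-102", "term-103"):
        print(handle_connection_request({"terminal_id": tid},
                                        SERVER_PROCESSES, SERVER_REGISTRY, fetch_report))
```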
Further, the cloud desktop security detection method further comprises the following steps:
step S102, obtaining identity information of a login user, performing identity authentication according to the identity information, and creating a virtual machine after the authentication is passed.
In the embodiment of the present invention, the identity information input by the user on the terminal 102 is obtained, the identity information of the user is authenticated, whether the user has a login right is determined, and if the user passes the authentication, a virtual machine is created to perform data transmission with the terminal 102.
It will be appreciated that a virtual machine is a complete computer system, simulated by software, that has full hardware functionality and runs in a completely isolated environment. Work that can be done on a physical computer can be done in a virtual machine. When a virtual machine is created in the cloud server 101, part of the memory of the cloud server 101 must be allocated as the virtual machine's hard disk and memory capacity. Each virtual machine has its own CMOS, hard disk and operating system and can process, store and transmit data just as a physical machine does.
Specifically, fig. 6 shows a flowchart of user identity authentication in the method provided by the embodiment of the present invention.
In a preferred embodiment of the present invention, the acquiring identity information of a login user, performing identity authentication according to the identity information, and creating a virtual machine after the authentication is passed specifically includes the following steps:
step S1021, the identity information of the login user is obtained.
In the embodiment of the present invention, a user inputs identity information of the user on the terminal 102, and the terminal 102 sends the identity information to the cloud server 101.
Step S1022, perform authentication on the identity information, and determine whether the authentication passes.
In the embodiment of the invention, the user's identity information is matched against the identity information base to verify the user's login authority, judge whether identity verification passes, and thus decide whether the user may log in.
In step S1023, if the authentication is passed, a virtual machine is created.
In the embodiment of the present invention, if the authentication is passed, it indicates that the user has the login right, and at this time, the virtual machine is created to perform data transmission with the terminal 102.
Step S1024, if the authentication fails, the terminal 102 is disconnected.
In the embodiment of the invention, if the identity authentication is not passed, the user does not have the login authority, and the connection with the corresponding terminal 102 is disconnected at that point, so that data is not leaked to a user without the login authority and the important data of enterprises or individuals is not stolen.
Further, the cloud desktop security detection method further comprises the following steps:
Step S103, setting the resource access authority of the virtual machine according to the identity information, and warning and recording when the user access exceeds the resource access authority.
In the embodiment of the invention, the resource access authority of the virtual machine is set according to the identity information of the user, so that the user can only access partial resources through the terminal 102 and the virtual machine, and if the user accesses the resources exceeding the resource access authority, a warning is given, and the access operation exceeding the resource access authority is recorded.
Specifically, fig. 7 shows a flowchart of setting access rights in the method provided by the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the setting a resource access right of the virtual machine according to the identity information, and performing warning and recording when the user access exceeds the resource access right specifically includes the following steps:
Step S1031, determining an access level according to the identity information.
In the embodiment of the invention, the access level corresponding to the user identity information is matched according to the user identity information.
Step S1032, setting the resource access authority of the virtual machine according to the access level.
In the embodiment of the present invention, according to the matched access level, the resource access authority of the virtual machine connected to the user through the terminal 102 is set.
It can be understood that in an enterprise, to prevent company data leakage and guarantee the confidentiality of company technology, different employees are given different data access rights. By setting the resource access authority of the virtual machine, a virtual machine created according to a user's identity information has a resource access range that depends on that identity information. For example: the higher an employee's role level, the greater the resource access authority; and staff of the design department do not have the resource access authority of the project department. This avoids leakage of the company's business secrets, technical research and the like, prevents the company's technology from being stolen by competitors, and preserves the enterprise's competitive advantage.
Step S1033, limiting the resource access of the user based on the resource access authority, and warning and recording when the user access exceeds the resource access authority.
In the embodiment of the invention, the user can access resources through the virtual machine only within the resource access authority; at the same time, so that accesses exceeding the resource access authority do not go unnoticed, any access behaviour exceeding the resource access authority triggers a warning and is recorded.
It can be understood that setting resource access authority for the user serves to better protect core data such as an enterprise's technical materials. If the user attempts an access exceeding the resource access authority, a warning is given on the user's terminal 102 (a specific warning manner may be a popup warning), and the access is recorded so that the enterprise can conveniently investigate accesses that exceeded the resource access authority.
Specifically, fig. 8 shows a flowchart of determining access rights in the method provided by the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the limiting the resource access of the user based on the resource access right, and when the resource access of the user exceeds the resource access right, the warning and recording specifically include the following steps:
Step S10331, when the user accesses a resource, obtaining the resource access type.
In the embodiment of the invention, when the user accesses a resource, the resource access type is acquired. The resource access type may be a classification of the accessed resource by its owning department, confidentiality level, and so on.
Step S10332, determining whether the resource access type exceeds the resource access right.
In the embodiment of the invention, the resource access type is compared with the resource access authority set on the virtual machine to judge whether the resource access type falls within the resource access authority.
Step S10333, if the resource access type does not exceed the resource access right, allowing the user to access.
In the embodiment of the invention, if the resource access type falls within the resource access authority set on the virtual machine, the access is judged to be normal and the user is allowed to access.
Step S10334, if the resource access type exceeds the resource access right, limiting the user access, and performing warning and recording.
In the embodiment of the invention, if the resource access type exceeds the resource access authority set on the virtual machine, the access is judged to be abnormal: the user's access is refused, a pop-up warning is generated, and the access operation that exceeded the resource access authority is recorded.
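Steps S10331 to S10334 above, as an added worked example in Python that is not part of the patent: a resource access authority is derived from constructed identity information, each access's type is compared against it, access within the authority is allowed, and access beyond it is refused, warned about on the terminal and recorded. The department and role-level fields of the identity information, the shared "common" department, and the rule that the role level bounds the privacy level are assumptions made for the example.

```python
"""Resource access restriction on a cloud-desktop virtual machine (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class IdentityInfo:
    """Identity information of the login user (constructed; the fields are assumptions)."""
    user_id: str
    department: str
    role_level: int          # higher role level => wider resource access authority


@dataclass(frozen=True)
class ResourceAccessAuthority:
    """Resource access authority set on the virtual machine from the identity information."""
    departments: frozenset   # departments whose resources may be accessed
    max_privacy_level: int   # highest privacy level the user may access


@dataclass(frozen=True)
class ResourceAccessType:
    """Resource access type (step S10331): classification of the accessed resource."""
    resource: str
    department: str          # classification by affiliated department
    privacy_level: int       # classification by privacy level


@dataclass
class AccessRecord:
    """One recorded access operation that exceeded the resource access authority."""
    timestamp: str
    user_id: str
    resource: str
    department: str
    privacy_level: int
    reason: str


def authority_for(identity: IdentityInfo) -> ResourceAccessAuthority:
    """Determine the access level from the identity information and set the authority.
    Assumption: the role level bounds the privacy level, and resources of the
    'common' department are open to every user."""
    return ResourceAccessAuthority(
        departments=frozenset({identity.department, "common"}),
        max_privacy_level=identity.role_level,
    )


class AccessLimiter:
    """Implements steps S10331 to S10334 for the virtual machine of one user."""

    def __init__(self, identity: IdentityInfo) -> None:
        self.identity = identity
        self.authority = authority_for(identity)
        self.records: List[AccessRecord] = []   # audit trail of over-authority access

    def _exceeds(self, access: ResourceAccessType) -> Optional[str]:
        """Step S10332: compare the access type with the authority.
        Returns the reason when the access exceeds the authority, else None."""
        if access.department not in self.authority.departments:
            return f"department {access.department!r} outside authority"
        if access.privacy_level > self.authority.max_privacy_level:
            return (f"privacy level {access.privacy_level} exceeds "
                    f"{self.authority.max_privacy_level}")
        return None

    def check(self, access: ResourceAccessType) -> Tuple[bool, Optional[str]]:
        """Return (allowed, warning); warning is the pop-up text for terminal 102 on refusal."""
        reason = self._exceeds(access)
        if reason is None:
            return True, None                      # step S10333: normal access, allow
        # step S10334: refuse the access, warn on the terminal, record the operation
        self.records.append(AccessRecord(
            timestamp=datetime.now(timezone.utc).isoformat(timespec="seconds"),
            user_id=self.identity.user_id,
            resource=access.resource,
            department=access.department,
            privacy_level=access.privacy_level,
            reason=reason,
        ))
        warning = (f"Access to {access.resource!r} refused: {reason}. "
                   f"This attempt has been recorded.")
        return False, warning
```

The record keeps the classification that triggered the refusal (department or privacy level) together with the user and time, which is what an investigation of over-authority access needs; the warning text returned to the terminal is deliberately the same reason, so the user sees why the access was refused without being told what the resource contains.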
Further, fig. 9 shows an application architecture diagram of the system provided by the embodiment of the present invention.
Specifically, the cloud desktop security detection system comprises a connection detection unit 1011, an identity verification unit 1012 and an access restriction unit 1013, wherein:
the connection detection unit 1011 is configured to receive a connection request from the terminal 102, perform secure connection environment detection according to the connection request, and establish a connection with the terminal 102 after the detection is passed.
In the embodiment of the present invention, when a user connects a terminal 102 to the cloud server 101, the terminal 102 sends a connection request to the cloud server 101. After receiving the connection request through the connection detection unit 1011, the cloud server 101 performs security detection on the connection environment and establishes a connection with the terminal 102 only once the connection environment between the cloud server 101 and the terminal 102 has been confirmed to be secure.
The identity verification unit 1012 is configured to acquire the identity information of the login user, perform identity verification according to the identity information, and create a virtual machine after the verification passes.
In this embodiment of the present invention, the identity verification unit 1012 obtains the identity information entered by the user on the terminal 102, verifies the user's identity information, determines whether the user has the right to log in, and, if the user passes verification, creates a virtual machine to exchange data with the terminal 102.
The access restriction unit 1013 is configured to set the resource access authority of the virtual machine according to the identity information, and to warn and record when the user's access exceeds the resource access authority.
In this embodiment of the present invention, the access restriction unit 1013 sets the resource access authority of the virtual machine according to the user's identity information, so that the user can access only part of the resources through the terminal 102 and the virtual machine; if the user accesses a resource beyond the resource access authority, the user is warned and the access operation that exceeded the resource access authority is recorded.
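The connection detection and identity verification units described above, as an added example in Python that is not the patent's own code: a cloud server runs the cloud-desktop security self-check over process information and key registry information (the steps of claim 3), checks the terminal's security detection report (claim 4), establishes the connection only when both reach the standard (claim 2), then verifies the login identity and either creates a virtual machine or disconnects the terminal (claim 5). The process deny list, the registry keys and their expected values, the terminal report fields and the PBKDF2 credential store are constructed assumptions standing in for the patent's security detection model and identity store; the resource access restriction of step S1033 is left to the virtual machine once created.

```python
"""Connection detection and identity verification on a cloud desktop server (constructed example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed stand-in for the security detection model: the cloud-desktop self-check
# fails if a process on this deny list is running or a key registry value differs
# from its expected setting.  Process names, keys and values are illustrative only.
SUSPICIOUS_PROCESSES = frozenset({"keylogger.exe", "screen-grab.exe"})
EXPECTED_REGISTRY: Dict[str, str] = {
    r"HKLM\SOFTWARE\Example\CloudDesktop\ClipboardRedirection": "0",
    r"HKLM\SOFTWARE\Example\CloudDesktop\UsbRedirection": "0",
}
# Constructed fields that the terminal's security detection report must all satisfy.
REQUIRED_TERMINAL_CHECKS = ("antivirus_running", "os_patches_current", "disk_encrypted")


@dataclass
class SelfCheckResult:
    passed: bool
    findings: List[str] = field(default_factory=list)


def cloud_desktop_self_check(process_names: Iterable[str],
                             registry: Dict[str, str]) -> SelfCheckResult:
    """Claim 3: analyse process information and key registry information; return the result."""
    findings: List[str] = []
    for name in sorted(set(process_names)):
        if name.lower() in SUSPICIOUS_PROCESSES:
            findings.append(f"suspicious process running: {name}")
    for key, expected in EXPECTED_REGISTRY.items():
        actual = registry.get(key)
        if actual != expected:
            findings.append(f"registry {key} = {actual!r}, expected {expected!r}")
    return SelfCheckResult(passed=not findings, findings=findings)


def terminal_report_meets_standard(report: Dict[str, bool]) -> bool:
    """Claim 4: the terminal's report reaches the standard only if every required check is true."""
    return all(report.get(check) is True for check in REQUIRED_TERMINAL_CHECKS)


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def register(password: str) -> Tuple[bytes, bytes]:
    """Create a (salt, hash) credential entry for the constructed identity store."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


class CloudServer:
    """Connection detection unit and identity verification unit of the cloud server."""

    def __init__(self, credentials: Dict[str, Tuple[bytes, bytes]]) -> None:
        self._credentials = credentials
        self.sessions: Dict[str, str] = {}   # terminal id -> "connected" or the VM id

    def connection_detection(self, terminal_id: str, process_names: Iterable[str],
                             registry: Dict[str, str], terminal_report: Dict[str, bool]) -> bool:
        """Claim 2: connect only when the self-check result and the terminal report both pass."""
        self_check = cloud_desktop_self_check(process_names, registry)
        if self_check.passed and terminal_report_meets_standard(terminal_report):
            self.sessions[terminal_id] = "connected"
            return True
        return False

    def identity_verification(self, terminal_id: str, user_id: str, password: str) -> Optional[str]:
        """Claim 5: verify the login identity; create a VM on success, disconnect on failure."""
        if self.sessions.get(terminal_id) != "connected":
            return None                              # no detected connection for this terminal
        entry = self._credentials.get(user_id)
        if entry is None or not hmac.compare_digest(entry[1], _derive(password, entry[0])):
            self.sessions.pop(terminal_id, None)     # disconnect the terminal
            return None
        vm_id = f"vm-{user_id}"                      # placeholder for virtual machine creation
        self.sessions[terminal_id] = vm_id
        return vm_id
```

The order matters: identity verification is only attempted on a terminal whose connection environment has already passed detection, and a failed verification removes the session rather than leaving a half-open connection, which is the disconnect step of claim 5.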
In one embodiment, a computer device is proposed, the computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
receiving a connection request from a terminal, performing secure connection environment detection according to the connection request, and establishing a connection with the terminal after the detection is passed;
acquiring identity information of a login user, performing identity authentication according to the identity information, and creating a virtual machine after the authentication is passed;
and setting the resource access authority of the virtual machine according to the identity information, and warning and recording when the user's access exceeds the resource access authority.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon which, when executed by a processor, causes the processor to perform the steps of:
receiving a connection request from a terminal, performing secure connection environment detection according to the connection request, and establishing a connection with the terminal after the detection is passed;
acquiring identity information of a login user, performing identity authentication according to the identity information, and creating a virtual machine after the authentication is passed;
and setting the resource access authority of the virtual machine according to the identity information, and warning and recording when the user's access exceeds the resource access authority.
It should be understood that, although the steps in the flowcharts of the embodiments of the present invention are shown in the sequence indicated by the arrows, they are not necessarily performed in that sequence. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in the various embodiments may include multiple sub-steps or stages that need not be completed at the same time but may be performed at different times, and these sub-steps or stages need not be performed sequentially; they may be performed in turn or alternately with other steps, or with at least some of the sub-steps or stages of other steps.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program that instructs related hardware; the program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the method embodiments described above. Any reference to memory, storage, a database or another medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the embodiments described above may be combined arbitrarily. For the sake of brevity, not all possible combinations of the technical features of the embodiments are described, but any combination of these technical features that contains no contradiction should be considered within the scope of this specification.
The embodiments described above express only several embodiments of the present invention, and although their description is relatively specific and detailed, this should not be construed as limiting the scope of the present invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
The above description covers only the preferred embodiments of the present invention and is not intended to limit the invention; any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A cloud desktop security detection method, applicable to a cloud server side, specifically comprising the following steps:
receiving a connection request from a terminal, performing secure connection environment detection according to the connection request, and establishing a connection with the terminal after the detection is passed;
acquiring identity information of a login user, performing identity authentication according to the identity information, and creating a virtual machine after the authentication is passed;
and setting the resource access authority of the virtual machine according to the identity information, and warning and recording when the user's access exceeds the resource access authority.
2. The cloud desktop security detection method according to claim 1, wherein receiving the connection request from the terminal, performing the secure connection environment detection according to the connection request, and establishing the connection with the terminal after the detection is passed specifically comprises the following steps:
receiving a connection request from the terminal;
performing a security self-check of the cloud desktop according to the connection request to obtain a security self-check result;
acquiring a security detection report of the terminal;
and establishing a connection with the terminal when both the security self-check result and the security detection report reach the standard.
3. The cloud desktop security detection method according to claim 2, wherein performing the security self-check of the cloud desktop according to the connection request to obtain the security self-check result specifically comprises the following steps:
starting a security self-check program according to the connection request;
acquiring process information and key registry information through the security self-check program;
analysing the process information and the key registry information through a security detection model;
and obtaining the security self-check result according to the analysis result.
4. The cloud desktop security detection method according to claim 2, wherein acquiring the security detection report of the terminal specifically comprises the following steps:
sending a security detection instruction to the terminal;
and acquiring the security detection report generated by the terminal according to the security detection instruction.
5. The cloud desktop security detection method according to claim 1, wherein acquiring the identity information of the login user, performing identity authentication according to the identity information, and creating the virtual machine after the authentication is passed specifically comprises the following steps:
acquiring identity information of a login user;
performing identity authentication on the identity information, and judging whether the identity authentication passes;
if the identity authentication is passed, creating a virtual machine;
and if the identity authentication is not passed, disconnecting the terminal.
6. The cloud desktop security detection method of claim 1, wherein the setting of the resource access right of the virtual machine according to the identity information and the warning and recording when the user access exceeds the resource access right specifically comprise the following steps:
determining an access level according to the identity information;
setting the resource access authority of the virtual machine according to the access level;
and limiting the resource access of the user based on the resource access authority, and warning and recording when the resource access of the user exceeds the resource access authority.
7. The cloud desktop security detection method of claim 6, wherein the limiting the resource access of the user based on the resource access right, and the warning and recording when the resource access of the user exceeds the resource access right specifically comprises the following steps:
when a user accesses resources, acquiring a resource access type;
judging whether the resource access type exceeds the resource access authority or not;
if the resource access type does not exceed the resource access authority, allowing the user to access;
and if the resource access type exceeds the resource access authority, limiting the user access, and performing warning and recording.
8. A cloud desktop security detection system, characterized by comprising a connection detection unit, an identity verification unit and an access limiting unit, wherein:
the connection detection unit is configured to receive a connection request from a terminal, perform secure connection environment detection according to the connection request, and establish a connection with the terminal after the detection is passed;
the identity verification unit is configured to acquire identity information of a login user, perform identity authentication according to the identity information, and create a virtual machine after the authentication is passed;
and the access limiting unit is configured to set the resource access authority of the virtual machine according to the identity information, and to warn and record when the user's access exceeds the resource access authority.
9. A computer device comprising a memory and a processor, the memory having stored therein a computer program that, when executed by the processor, causes the processor to perform the steps of the cloud desktop security detection method of any of claims 1 to 7.
10. A computer-readable storage medium, having a computer program stored thereon, which, when executed by a processor, causes the processor to perform the steps of the cloud desktop security detection method of any of claims 1 to 7.
CN202110959543.6A 2021-08-20 2021-08-20 Cloud desktop security detection method and system, computing device and storage medium Pending CN113761515A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110959543.6A CN113761515A (en) 2021-08-20 2021-08-20 Cloud desktop security detection method and system, computing device and storage medium

Publications (1)

Publication Number Publication Date
CN113761515A true CN113761515A (en) 2021-12-07

Family

ID=78790543

Country Status (1)

Country Link
CN (1) CN113761515A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584382A (en) * 2022-03-08 2022-06-03 广东南方电信规划咨询设计院有限公司 Security management method and system for wireless data transmission
CN114584382B (en) * 2022-03-08 2024-02-02 广东南方电信规划咨询设计院有限公司 Security management method and system for wireless data transmission
WO2024021883A1 (en) * 2022-07-25 2024-02-01 中兴通讯股份有限公司 Information leakage prevention method and apparatus, and storage medium
CN115865536A (en) * 2023-03-01 2023-03-28 珠海市鸿瑞信息技术股份有限公司 Industrial control information security defense system and method based on artificial intelligence

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015196659A1 (en) * 2014-06-23 2015-12-30 中兴通讯股份有限公司 Method and device for authenticating connection between desktop cloud client and serving end
CN106453359A (en) * 2016-11-02 2017-02-22 河南智业科技发展有限公司 Dedicated cloud desktop for education based on cloud services
CN110213215A (en) * 2018-08-07 2019-09-06 腾讯科技(深圳)有限公司 A kind of resource access method, device, terminal and storage medium
CN111444505A (en) * 2020-04-21 2020-07-24 河南楠嘉科技有限公司 Cloud desktop mobile device security management method
CN111966459A (en) * 2020-08-10 2020-11-20 国网四川省电力公司信息通信公司 Virtual cloud desktop system
CN112507303A (en) * 2020-12-10 2021-03-16 医渡云(北京)技术有限公司 Cloud desktop management method, device and system, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination